Owner, admin, member — plus custom roles. Granular controls per WhatsApp number, bot, campaign, contact list. Audit logs on every action. Ready for enterprise from day one.
Built-in roles: Owner / Admin / Member
Roles: Define your own
Access: Number, bot, list, campaign
Every action: Full traceability
Owner: full control, billing, workspace settings. Admin: configure bots, campaigns, integrations. Member: send messages, view assigned conversations. Right defaults for 80% of teams.
Define your own roles by combining permissions. 'Campaign Manager' (campaigns + contacts), 'Support Lead' (inbox + bot config), 'Read-only Auditor' (view everything, edit nothing).
Restrict roles to specific WhatsApp numbers, bots, contact lists, or campaigns. Sales team sees only Sales line; Support sees only Support line.
Invite users by email with a specific role pre-assigned. They get a magic link to join. Invitations expire after 7 days; auditable revocation anytime.
Every privileged action is logged: who created the bot, who deleted that template, who exported the contact list, who changed a role. Export to SIEM if needed.
API keys inherit permissions of the role they're issued under. Generate scoped keys for specific integrations (e.g. 'read-only contacts API').
From Workspace Settings → Members, enter teammate emails and pick a role for each. They receive a Keycloak-backed invite link to join.
For roles that need scoped access, restrict to specific resources. 'Anjali can manage the Hindi number's bot but not the English one.'
First-time users go through Keycloak OAuth. Returning users authenticate once and access the workspace immediately.
Workspace Settings → Audit Log shows every action with timestamp, actor, resource, and outcome. Filter by date, user, action type.
Promote a member to admin, restrict a role's scope, revoke access — all from the same page. Changes take effect within seconds.
| Feature | Edesy | Typical competitor |
|---|---|---|
| Built-in roles | 3 | 1–2 |
| Custom roles | Enterprise tier only | |
| Per-resource scoping | | |
| API key role inheritance | | |
| Audit log on all actions | Limited | |
| Email invitations with magic link | | |
| Scope by WhatsApp number | | |
| Scope by bot / contact list | | |
Each client gets their own workspace. Agency team has admin role across all; client owners have admin in their own workspace only. Clean isolation.
Zero accidental cross-client data exposure
Marketing team handles campaigns. Support team handles inbox. Ops team handles integrations. Custom roles enforce least-privilege.
Onboarding new team members takes 5 min, not 5 hours
Created a read-only Auditor role for compliance team. They can see every conversation and configuration but can't modify anything.
Passed SOC 2 audit with this configuration
Client's brand needs WhatsApp service but doesn't want to give full access to a BPO. BPO agents get scoped Member role on one number only.
Client trust + audit trail meets contractual requirements
India team manages India number; LatAm team manages Mexico/Brazil numbers. Region-scoped admin roles per local team.
Local teams move fast without stepping on each other
Brought on a part-time WhatsApp consultant. Gave them admin scoped to one bot only. Revoked access after project. Audit log proves what they did.
Clean handoff, no lingering risk
Most WhatsApp platforms ship a single 'team member' role and call it done. That works fine until you try to scale past 5 users — then suddenly you need 'this person can run campaigns but shouldn't see contact lists', 'that auditor needs read access to everything but write access to nothing', 'the BPO agents should only see the support inbox, not the marketing one'. Without proper RBAC, your only options are 'give everyone admin' (terrifying) or 'don't give them access at all' (operationally painful).
Edesy's RBAC is built on three layers. Built-in roles cover the common cases (Owner, Admin, Member) — most workspaces never need anything else. Custom roles let you define your own permission combinations for unusual structures (auditor, regional manager, campaign-only operator). Per-resource scoping is the third layer: you can restrict any role to specific WhatsApp numbers, bots, or contact lists. So 'Admin on the Hindi number, no access to English' is one toggle, not a system you have to build yourself.
The audit log is the unsexy feature that closes enterprise deals. Every privileged action — creating, modifying, deleting bots / templates / contacts / campaigns; viewing exported data; rotating API keys — gets logged with actor, timestamp, IP, and outcome. The log is queryable, exportable, and tamper-evident. When a CISO asks 'who deleted that contact list last Tuesday?', you have the answer in 10 seconds. When auditors ask for proof of separation of duties, you generate the report on the spot.
API key role inheritance is a quieter superpower. When you create an API key, it inherits the permissions of the user who created it. Generate a read-only key for your data warehouse ETL — that key can never accidentally modify data, even if it's compromised. Generate a campaign-only key for your marketing automation — it can't access the inbox or modify bots. This level of API key scoping is rare in WhatsApp platforms and a clear differentiator when developer teams evaluate options.
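The layered model and key inheritance described above can be sketched as a deny-by-default check that also records each decision. This is an added illustration, not Edesy's code: the permission strings, resource ids such as `number:hindi`, and the `narrow_to` field are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

AREAS = ("bots", "campaigns", "contacts", "inbox")

def perms(areas, actions=("read", "write")):
    """Build permission strings such as 'contacts:read' (naming is an assumption)."""
    return frozenset(f"{a}:{act}" for a in areas for act in actions)

# Custom roles named on the page, expressed as permission combinations.
ROLES = {
    "Campaign Manager": perms(["campaigns", "contacts"]),
    "Support Lead": perms(["inbox", "bots"]),
    "Read-only Auditor": perms(AREAS, ["read"]),
}

@dataclass(frozen=True)
class Grant:
    role: str
    scope: Optional[frozenset] = None      # None = every resource in the workspace

@dataclass(frozen=True)
class ApiKey:
    issued_under: Grant                    # the key inherits this role and scope
    narrow_to: Optional[frozenset] = None  # hypothetical: optional permission subset

AUDIT = []  # constructed in-memory log: timestamp, actor, action, resource, outcome

def authorize(actor, subject, permission, resource):
    """Allow only if the role grants the permission AND the resource is in scope."""
    grant = subject.issued_under if isinstance(subject, ApiKey) else subject
    allowed = ROLES.get(grant.role, frozenset())   # unknown role -> no permissions
    if isinstance(subject, ApiKey) and subject.narrow_to is not None:
        allowed = allowed & subject.narrow_to      # intersection: never exceeds the role
    ok = permission in allowed and (grant.scope is None or resource in grant.scope)
    AUDIT.append({"ts": datetime.now(timezone.utc).isoformat(), "actor": actor,
                  "action": permission, "resource": resource,
                  "outcome": "allow" if ok else "deny"})
    return ok

if __name__ == "__main__":
    anjali = Grant("Support Lead", frozenset({"number:hindi"}))
    etl = ApiKey(Grant("Read-only Auditor"), frozenset({"contacts:read", "contacts:write"}))
    for who, subj, perm, res in [("anjali", anjali, "bots:write", "number:hindi"),
                                 ("anjali", anjali, "bots:write", "number:english"),
                                 ("etl-key", etl, "contacts:write", "list:leads")]:
        print(who, perm, res, authorize(who, subj, perm, res))
```

Denied requests are logged as well as allowed ones, so a key probing beyond its role shows up in the audit trail.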
Free workspace, all roles included. Most teams configure roles + invite their full team within 30 minutes.